CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-1052

MEDIUM
6.4
CVSS Severity Score
EPSS Score0.0190%
EPSS Percentile13.88th
Published2008年2月27日
Last Modified2026年4月23日

Vulnerability Description

The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.

Affected Platforms (CPE)

📦
Netwin

Surgeftp

= 2.3a2

References & Advisories

🔗 http://aluigi.altervista.org/adv/surgeftpizza-adv.txt
🔗 http://secunia.com/advisories/29096
🔗 http://securityreason.com/securityalert/3704
🔗 http://www.securityfocus.com/archive/1/488745/100/0/threaded
🔗 http://www.securityfocus.com/bid/27993
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/40843
🔗 http://aluigi.altervista.org/adv/surgeftpizza-adv.txt
🔗 http://secunia.com/advisories/29096

相关漏洞威胁

CVE-2001-135510.0

Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other ...

CVE-2001-135610.0

NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allow...

CVE-2007-37688.5

The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malfo...

CVE-2013-47427.5

Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute ar...